Malware-based threats surged in the first half of 2024, up by 30% compared to the same period in 2023, according to SonicWall’s 2024 Mid-Year Cyber Threat Report.
There was a particular spike in malware attacks from March to May, with a 92% year-on-year increase in May alone.
The firm also observed 78,923 new variants in H1 2024, equating to 526 never-before-seen malware variants every day.
Additionally, 15% of all observed malware were leveraging software packing as the primary MITRE TTP.
Malware Attackers Adept at Defense Evasion
The report also found that threat actors are using more sophisticated forms of malware and delivery mechanisms to increase the success of attacks.
This includes techniques designed to bypass common security protocols.
PowerShell – a legitimate Windows automation tool used by developers – is now exploited by over 90% of malware families, including AgentTesla, GuLoader, AsyncRAT, DBatLoader and LokiBot.
PowerShell scripts are used for various malicious tasks, including to evade detection and to download additional malware.
While PowerShell has made extensive efforts to prevent the execution of downloaded scripts with restricted execution policies, SonicWall noted that attackers have found ways to bypass these restrictions by invoking scripts locally or using command-line arguments to execute malicious code.
Additionally, upgrades have been made to several malware that target Android systems, which are designed to bypass multi-factor authentication (MFA) protocols. These are:
- Anubis. This banking trojan is now capable of bypassing MFA by capturing SMS messages with one-time passwords (OTPs)
- AhMyth. This RAT, which targets Android devices through infected apps on various stores, performing keylogging, taking screenshots and intercepting MFA OTPs
- Cerberus. This malware now contains features like SMS control, keylogging and audio recording, allowing it to intercept OTPs and bypass MFA for unauthorized transactions
Read now: MFA Bypass - The Next Frontline for Security Pros
A 92% surge in encrypted threats demonstrates that cybercriminals are increasingly utilizing TLS-encrypted transfers to deliver malware and other threats, according to the researchers.
IoT Attacks Rise by 107%
SonicWall observed an enormous 107% year-on-year increase in attacks targeting Internet of Things (IoT) devices in the first half of 2024.
The researchers believe these devices are being targeted more frequently because they often lack robust security measures.
This threat was highlighted by the Chinese state-sponsored Volt Typhoon campaign in late 2023, which compromised hundreds of small office/home office (SOHO) routers in the US, forming a botnet used to conceal further hacking activities targeting critical infrastructure.
The TP-Link command injection flaw, CVE-2023-1389, was found to be the most commonly targeted IoT device vulnerability in the first six months of 2024, impacting 21.25% of small-to-medium sized businesses.
The exploitation of this vulnerability has also been a driving factor in the spread of the notorious Mirai malware, which hijacks IoT devices to form botnets capable of executing large-scale distributed denial of service (DDoS) attacks.
Read more: IoT Vulnerabilities Skyrocket, Becoming Key Entry Point for Attackers
“Since IoT devices are often integral to critical infrastructure, successful attacks can be highly lucrative for cybercriminals,” wrote SonicWall.
Ransomware Prevalence Varies by Region
The report highlighted a significant rise in ransomware attacks in North America (15%) and Latin America (51%) in H1 2024.
However, ransomware attacks in the EMEA region fell by 49% year-on-year over the same period. The researchers said this suggests that improved cybersecurity measures and notable law enforcement interventions are having a positive impact in the region.
The report also highlighted that despite ransomware attacks making the biggest headlines in cybersecurity, its insurance partner has reported it is now seeing 10 business email compromise (BEC) for every ransomware incident.